25 January 2010 - Study Shows US $100,000 Increase in Costs Associated With Average Breach
According to a study from the Ponemon Institute, the costs associated with data security breaches rose US $100,000 between 2008 and 2009, from US $6.65 million to US $6.75 million. The figures were formulated based on 45 reported breaches of sensitive customer data in 2009 at companies that were willing to discuss the incidents. The average cost per compromised record in 2009 was US $204, up just US $2 from 2008 figures, but over the five years that the study has been conducted, cost per record has increased $66. The factors considered in figuring the cost of a breach include cost of lost business; legal fees; disclosure expenses; consulting; and remediation. The study divides the breaches into three main causes: negligence, accounting for 40 percent of the incidents; system glitches, which account for 36 percent; and malicious attacks, which account for 24 percent.
http://www.pcworld.com/businesscenter/article/187611/data_breaches_get_costlier.html
25 January 2010 - The Top 20 website passwords you shouldn't be using
Computer users continue to choose predictable passwords that are easy to guess - a new study reveals. Find out which password is the most commonly used, and learn a way to help your users dream up passwords that are hard to crack, but still easy for them to remember.
http://www.sophos.com/blogs/gc/g/2010/01/22/top-20-website-passwords
25 January 2010 - Johnny Depp death crash video launches malware attack
Word spread like wildfire across the internet this weekend that actor Johnny Depp had been killed in a car crash. The story was bogus, but that didn't stop hackers taking advantage of the hot topic to spread a malicious Trojan. Discover more, and watch our video where we demonstrate the attack in action.
http://www.sophos.com/blogs/gc/g/2010/01/24/johnny-depp-died-car-crash
22 January 2010 - Hard Drives Stolen From BlueCross BlueShield Contained Member Information
A thief stole 57 hard drives from BlueCross BlueShield of Tennessee. The hard drives contained an estimated 500,000 member records and personal information.
http://www.scmagazineus.com/thief-steals-57-hard-drives-from-bluecross-blueshield-of-tennessee/article/162178/
22 January 2010 - New version of Zeus Targeting AIM users
A new iteration of Zeus, a notorious password-stealing trojan, is victimizing users of AOL Instant Messenger (AIM), according to researchers at anti-virus vendor Webroot.
http://www.scmagazineus.com/new-version-of-zeus-targeting-aim-users/article/162090/
22 January 2010 - RockYou hack reveals most common password: '123456'
A recent analysis of 32 million passwords, obtained in the RockYou.com hack, has revealed that nearly 300,000 individuals used '123456' as their password.
http://www.scmagazineus.com/rockyou-hack-reveals-most-common-password-123456/article/162071/
20 January 2010 - People Leaving USB Drives in Clothing Pockets, Say Cleaners
A UK survey found that 4,500 USB drives have been found in people's clothing pockets when they were taken to dry cleaners. That number is half what it was a year earlier, but this could be explained by a shift to users downloading data to smartphones and netbooks as opposed to increased vigilance about data security. USB drive security was in the news recently when several manufacturers acknowledged a vulnerability in the access control mechanism of their devices.
http://www.csoonline.com/article/519330/Taken_to_the_Cleaners
11 January 2010 - South Korean Military to Ban USB Drives
The South Korean military says it will ban the use of USB drives. The South Korean military is building a new data transfer system; once that system is complete, use of USB drives will no longer be permitted. The decision comes in the wake of attempts to infiltrate South Korean military computer systems. Last year, information about a joint South Korea/US military contingency plan was compromised due to the use of a portable storage device.
http://gcn.com/articles/2010/01/11/korea-bans-flash-drives.aspx
11 January 2010 - Facebook Group Page Has Links to Malware-Laced Sites
Miscreants intent on spreading malware appear to be preying on people's unfounded fears that Facebook plans to begin charging users for its services. A Facebook group that appears to offer a place for people to protest the rumored fees has been shown to contain malware. The group pages themselves appear to be clean, but link to suspicious sites. Snopes.com has posted a warning about the deceptive groups and associated pages.
http://www.theregister.co.uk/2010/01/11/facebook_charging_rumour_malfeasance/
http://www.snopes.com/computer/internet/fbcharge.asp
8 January 2010 - Wide-Reaching Spear Phishing Campaign Claims to be Outlook Alert
A recently detected spear phishing scheme is spreading in the guise of a Microsoft Outlook alert. This particular attack is targeting a large number of domain names in the hope of tricking more users into clicking on a link that will download a variant of the Zbot banking Trojan horse program onto their computers. The attack also personalizes the emails in an attempt to gain users' trust.
http://content.usatoday.com/communities/technologylive/post/2010/01/faked-outlook-updates-spreading-banking-trojans/1
4 January 2010 - Convicted Filesharer Seeks Lower Fine
The Boston University student who was fined US $675,000 for illegally downloading music has asked a judge to reduce the penalty or give him a retrial. Joel Tenenbaum, who was fined US $22,500 for each of 30 songs he was found guilty of downloading in violation of copyright law, says the amount is "grossly excessive."
http://news.bbc.co.uk/2/hi/technology/8441306.stm
http://abcnews.go.com/Technology/wireStory?id=9476541
1 January 2010 - French Anti-Piracy Law Now in Effect
France's new Internet anti-piracy law took effect on January 1.
Internet users who download music in violation of copyright laws will first receive email warnings. If they continue to violate the law, they will then receive written warnings. If they persist in illegal filesharing activity after both warnings, they will be required to appear before a judge who will have the authority to fine the individual or suspend the individual's Internet access.
http://news.bbc.co.uk/2/hi/europe/8436745.stm
31 December 2009 - Indiana Fugitive Found Through Online Game
The Howard County, Indiana Sheriff's Department found a fugitive from justice through his penchant for playing the online game World of Warcraft (WoW). Alfred Hightower had fled to Canada to evade a warrant issued for his arrest in 2007. After learning that Hightower is an avid WoW player, Deputy Matt Roberson sent a subpoena to Blizzard Entertainment in Canada, seeking information that would help his office locate Hightower. Because the company is Canadian and Roberson had no jurisdiction there, he did not expect anything to come of it, but several months later, he received data from the company that included Hightower's IP address, account information and history, billing address and online screen name. The information was enough to find Hightower and have him deported to the US, where he is expected to face the 2007 charges.
http://kokomoperspective.com/news/local_news/article_15a0a546-f574-11de-ab22-001cc4c03286.html
30 December 2009 - McAfee Report Predicts Top Threats and Trends for 2010
According to McAfee's 2010 Threat Predictions Report, Adobe Reader and Adobe Flash will be the top targets for malware writers in 2010. Users are not always aware that the applications need updating, and the updates themselves can prove complicated to apply. The report also predicts that the severity of attacks against social networking sites will increase and that Trojans designed to steal banking information will become more sophisticated and harder to detect.
http://www.theregister.co.uk/2009/12/29/security_predictions_2010/
28 December 2009 - Chinese Matchmaking Site Data Stolen
A former board member of a Chinese matchmaking website is accused of stealing applicant information and trying to sell it to other companies.
In all, about 16,000 people who registered with the site are affected by the alleged data theft. The unnamed individual took the data from the company before he resigned in mid-2006.
http://news.asiaone.com/News/AsiaOne%2BNews/Crime/Story/A1Story20091226-188083.html
24 December 2009 - GAO Report Points Fingers in Nuclear Site Document Leak
A report from the Government Accountability Office (GAO) faults five government agencies, two congressional offices and the National Security Council for the leak of information about hundreds of US civilian nuclear facilities. The document was published on the Government Printing Office website in June and remained visible for about one day. The document was intended for the International Atomic Energy Agency (IAEA). Some of the confusion stemmed from the document's classification with an IAEA term that is not recognized in the US. NSC did not provide specific instructions for handling the document once delivered to the White House clerk's office.
http://www.washingtonpost.com/wp-dyn/content/article/2009/12/23/AR2009122302970_pf.html
23 December 2009 - MBNA Customer Credit Card Data on Stolen Laptop
MBNA is notifying thousands of customers that a laptop stolen from NCO Europe offices contains their credit card information. NCO Europe is a third-party contractor. Although the files do contain personal information, no PINs are believed to be included. While no fraudulent activity has been detected on the compromised accounts, MBNA is offering affected customers one year of credit monitoring service and is monitoring all compromised accounts.
http://www.scmagazineuk.com/mbna-confirms-data-loss-after-laptop-containing-personal-details-of-thousands-of-customers-was-stolen-from-vendor/article/160217/
http://www.net-security.org/secworld.php?id=8656
22 December 2009 - Former Asst. DA Draws Probation for Unauthorized Access to Information
A Louisiana man has been sentenced to two years of probation and ordered to pay a US $3,000 fine for unauthorized access to information by use of a computer. Perry Booth was employed as an Assistant District Attorney for Jefferson Parish, Louisiana when he noted the license plate of an individual involved in a near miss traffic incident. Booth asked an investigator in the DA's office to access a confidential law enforcement database to find out the person's identity. He then sent that person a threatening letter referring to the traffic incident.
http://neworleans.fbi.gov/dojpressrel/pressrel09/no122209.htm
21 December 2009 - Possible Prison Time for Sending Spyware
An Ohio man could face time in prison for sending spyware to a woman's computer. Scott Graham sent the spyware surreptitiously as an email attachment; the recipient opened the mail on two computers at her workplace: Akron Children's Hospital. The software harvested confidential medical procedure and financial information. The spyware was discovered because it was slowing down the hospital's computer system. The software is legal to use on computers owned by the person who purchases it. Graham has pleaded guilty to one felony charge of intercepting electronic communications.
http://www.coshoctontribune.com/article/20091221/NEWS01/912210309/1002/NEWS01/Cleveland-man-faces-prison-on-e-mail-spying-charge
17 December 2009 - Eleven Sentenced to Jail For Stealing Online Gaming Account Credentials
Chinese authorities have jailed 11 people for their roles in a scheme that aimed to steal online gaming login credentials. The group used Trojan horse programs to steal the information from five million profiles. They then sold game artifacts they accessed through the accounts, making a total of 30 million yuan (US $4.4 million). The eleven people received sentences of up to three years; the group was also fined a total of US $120,000. Dozens more people involved in the scheme are expected to be sentenced soon.
http://www.theregister.co.uk/2009/12/17/china_jails_game_trojan_vxers/
17 December 2009 - Conficker on 6.5 Million Machines Worldwide
According to information from Shadowserver, one in seven computers infected with Conficker are hosted on Chinese Internet service provider (ISP) Chinanet. The ISP's infected machines account for 14 percent of all known infected machines, but make up just one percent of the company's network. Other ISPs have infection rates as high as 25 percent. Conficker has infected an estimated 6.5 million computers around the world.
http://www.securityfocus.com/news/11568
16 December 2009 - Stolen Laptop Holds Military and DoD Employee Information
A laptop computer stolen from the home of a Fort Belvoir Family and Morale, Welfare and Recreation Command employee contains personally identifiable information of more than 42,000 US Army soldiers, US Department of Defense employees and their families. The theft occurred on November 28. The Command learned of the theft on December 1. Affected individuals will be notified of the security breach by letter.
http://www.scmagazineus.com/thief-steals-us-army-laptop-from-employees-home/article/159875/
16 December 2009 - House Ethics Committee Data Leak Prompts Security Policy Changes
US House of Representatives chief administrative officer Daniel P. Beard has recommended that legislative aides undergo new cyber security training and that the legislature take additional steps to protect sensitive data. The recommendations are the result of a six week review prompted by the inadvertent leak of an Ethics Committee document. The new security policies will be clear in their insistence that all House data remain on House equipment, that the data must be encrypted when they are stored on mobile devices and that they cannot be sent over any public system. Beard is also seeking to implement a requirement that the House's wireless Internet service be password protected. In addition, legislative employees who travel out of the country will have their wireless devices, including laptops, checked both before and after trips.
http://www.washingtonpost.com/wp-dyn/content/article/2009/12/15/AR2009121505075_pf.html
15 December 2009 - Minnesota Public Radio and Reporter May Face Legal Action Over Data Access
A Texas company is threatening to take legal action against Minnesota Public Radio (MPR) and one of its reporters after they aired a story about security problems at the company that exposed sensitive personal information. Lookout Services, which allows its customers to verify the identities of potential employees, maintains that MPR and Sasha Aslanian broke the law when they accessed databases containing information for five Lookout customers, compromising the personal information of 500 people. Lookout acknowledges that its website was misconfigured in such a way as to allow unauthorized users to view customer information.
http://www.theregister.co.uk/2009/12/15/lookout_services_security_breach/
14 December 2009 - Stolen Swiss Bank Data Used in French Tax Evasion Investigation
Some of the data used by French authorities in tax evasion investigations appears to have been leaked by a former employee of HSBC Private Bank in Switzerland. Initially it was believed the man had provided French authorities with information on about 10 accounts, but that number is now believed to be much higher. The data were stolen about three years ago and a criminal complaint was filed in 2008. The man allegedly gave the information to the French government, but was not paid for it. He is reportedly under judicial protection in France.
http://www.computerworld.com/s/article/9142139/HSBC_confirms_data_theft_by_former_employee